Event ID 18 — RRAS Secure Socket Tunneling Protocol

  • Article

Applies To: Windows Server 2008 R2

Secure Socket Tunneling Protocol (SSTP) is a new form of virtual private networking (VPN) tunnel with features that allow traffic to pass through firewalls that block PPTP and L2TP/IPsec traffic. SSTP provides a mechanism to encapsulate Point-to-Point (PPP) traffic over the Secure Sockets Layer (SSL) channel of the HTTPS protocol. The use of HTTPS means traffic will flow through TCP port 443, a port commonly used for Web access.

Event Details

Product: Windows Operating System
ID: 18
Source: Microsoft-Windows-RasSstp
Version: 6.1
Symbolic Name: SSTPSVC_LOG_SERVER_SHA256_HASH_INVALID
Message: The Secure Socket Tunneling Protocol service either could not read the SHA256 certificate hash from the registry or the data is invalid. To be valid, the SHA256 certificate hash must be of type REG_BINARY and 32 bytes in length. SSTP might not be able to retrieve the value from the registry due to some other system failure. The detailed error message is provided below. SSTP connections will not be accepted on this server. Correct the problem and try again.

%1

Resolve

Modify value data for SHA256CertificateHash registry parameter

Open the Registry Editor and check the values of the following registry key:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SstpSvc\Parameters\SHA256CertificateHash

Check that the System account has read/write permission for each registry key. To check the permissions:

  1. Right-click each registry key, and then click Permissions.
  2. If the System account does not have read/write permissions for the key, add them.
  3. Right-click the SHA256CertificateHash registry parameter, click Modify, type 32, and then click OK.

Verify

To verify that the remote access server can accept connections, establish a remote access connection from a client computer.

To create a VPN connection:

  1. Click Start, and then click Control Panel.
  2. Click Network and Internet, click Network and Sharing Center, and then click Set up a connection or network.
  3. Click Connect to a workplace, and then click Next.
  4. Complete the steps in the Connect to a Workplace wizard.

To connect to a remote access server:

  1. In Network and Sharing Center, click Manage network connections.
  2. Double-click the VPN connection, and then click Connect.
  3. Verify that the connection was established successfully.

RRAS Secure Socket Tunneling Protocol

Routing and Remote Access Service Infrastructure